Aloe Express: Authentication options?

  1. 4 months ago

    Hans v

    Feb 14 Pre-Release Testers, Xojo Pro Soest, NL

    I am considering using AloeExpress for a server that will receive POSTs from a third party.

    Is there a simple way to support Basic Authentication on an AloeExpress based server?
    I need to consume POSTs from this third party service.
    I receive their data without any problem when I suppress username/password, but of course I need some kind of authentication.
    Does anybody have an example of applicable authentication methods?

    Thanks in advance.

    Hans

  2. Tim D

    Feb 14 Pre-Release Testers, Xojo Pro, XDC Speakers Answer Richmond, VA

    Hans,

    One of the easiest ways to authenticate requests is with token authentication (also known as "bearer authentication"). With each request, a client will send an assigned token value via an "Authorization" HTTP header.

    For example, a request would send the token via a header like this:

    Authorization: Bearer L00K1NG-4WRD-2-XDC-2019-1N-M1AM1-FL

    On the server side, you authenticate the requests by getting the token from the header. For example:

    // Get the Authorization header.
    Dim AuthorizationHeader As String = Request.Headers.Lookup("Authorization", "")
    
    // Get the token that was passed by removing "Bearer" from the header.
    Dim Token As String = AuthorizationHeader.ReplaceAll("Bearer ", "")

    You would then evaluate the token to determine whether or not to allow the request. I usually return a "401 Unauthorized" status in cases where the request was not authenticated.

    I hope this helps.

    - Tim
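
One way to evaluate the credential once it has been read from the header, as an added example that is not part of the original posts and is not Aloe Express code (written in Python rather than Xojo). It goes beyond the bearer case above and also handles the Basic scheme asked about in the question. The function name `authenticate`, the `EXPECTED_*` values, the realm string and the plain dictionary keyed by the exact name "Authorization" are assumptions made for this example.

```python
import base64
import hmac

# Constructed sample credentials for this example only; in a real server
# these come from configuration or a secret store, never from source code.
EXPECTED_TOKEN = "example-token-0000"
EXPECTED_USER, EXPECTED_PASSWORD = "thirdparty", "example-password"


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so response timing does not reveal how many
    # leading characters of a guess were correct.
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def authenticate(headers: dict) -> tuple:
    """Return (status, extra_headers) for a request's header dictionary."""
    denied = ("401 Unauthorized", {"WWW-Authenticate": 'Bearer realm="api"'})
    value = headers.get("Authorization", "")
    # Split once on the first space: scheme on the left, credential on the right.
    scheme, _, credentials = value.partition(" ")
    credentials = credentials.strip()
    if not credentials:
        return denied
    if scheme.lower() == "bearer":
        # Only the leading scheme is removed; the token itself is compared as sent.
        return ("200 OK", {}) if _same(credentials, EXPECTED_TOKEN) else denied
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(credentials, validate=True).decode("utf-8")
        except ValueError:  # bad base64, bad padding, or non-UTF-8 bytes
            return denied
        # Passwords may contain ':', so split on the first one only.
        user, sep, password = decoded.partition(":")
        # '&' evaluates both comparisons, so a wrong user costs the same as a wrong password.
        ok = _same(user, EXPECTED_USER) & _same(password, EXPECTED_PASSWORD)
        return ("200 OK", {}) if sep and ok else denied
    return denied  # unknown or missing scheme
```

Both schemes send the credential in a recoverable form on every request, so the endpoint needs to be served over TLS.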

  3. Robert L

    Feb 15 Pre-Release Testers, Xojo Pro
    Edited 4 months ago

    Slightly off topic...I really like your Authorization code!

    I'm looking forward to meeting you in person as I've been trying to get my head around the concept of Aloe Express for building web applications, but failing so far. I'm hoping a 15 minute conversation will clear my head and get me moving forward with a project I think Aloe might work for. :)

  4. Tim D

    Feb 15 Pre-Release Testers, Xojo Pro, XDC Speakers Richmond, VA

    Thanks Robert.

    If you'd like to set up a Zoom meeting to discuss Aloe, let me know.

    - Tim

  5. Robert L

    Feb 19 Pre-Release Testers, Xojo Pro

    @Tim D I'll compose my questions/confusion and send them to you (maybe put them in a new thread so others can benefit from your information). I want to make sure that I'm not wasting your time.

    RJL
